What is the role of the Board of Directors with regard to Enterprise Risk Management? I recently addressed the Board members of Island Health, our local health authority, to answer this question.

The Board has already been given advice by the Healthcare Insurance Reciprocal of Canada. HIROC characterizes health authorities as “high reliability” organizations, meaning that any particular failure can have much larger catastrophic effects.

I suggested the following Board duties:

to review the rigour, quality and efficacy of the enterprise risk management regime itself;

to review the content, i.e., results of the risk assessment process, as applied to strategic plans – the risks that were identified; the mitigation plans created;

to ask critical questions regarding any element of the risk management practice, make suggestions, advise and guide the executive.

Similar to audit, the Board must maintain its independence. Unlike audit, which uses specific criteria and checks for compliance, each Board member formulates questions and criticism by drawing upon his or her unique individual background and expertise.

Eventually, the risk culture should mature so that a common understanding is developed among management, staff, and the board itself of how corporate values and risk ownership are understood and applied.